scorecard-review
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified in this skill. The skill follows safe practices for interacting with the Harness platform using defined MCP tools.
- [COMMAND_EXECUTION]: The skill uses specific tools (
harness_list,harness_get) to retrieve structured data from the Harness IDP. These tools are restricted to platform-provided functionality for accessing catalog entities, scores, and technical documentation. - [PROMPT_INJECTION]: The skill contains a potential surface for indirect prompt injection by processing external data from the IDP catalog and technical documents.
- Ingestion points: External data enters through the
harness_listandharness_gettools used in Steps 1-5 (SKILL.md). - Boundary markers: Absent.
- Capability inventory: The skill is limited to read-only tool calls for retrieving IDP scores and metadata; it lacks high-risk capabilities like file system writes or arbitrary network operations.
- Sanitization: Absent.
Audit Metadata